Criminals are Using Adwind in a Fresh Wave of Attacks against 1500 Organisations: Kaspersky

Criminals are actively using the Adwind Remote Access Tool (RAT) to launch fresh attacks against organisations across various countries in the world, Kaspersky Lab has announced.

According to the Kaspersky Lab researchers who have been working on the issue, this new wave of attacks comes at a time when many people consider the Adwind platform a less dangerous threat to organisations than it was a few years ago.

According to Kaspersky Lab, criminals have devised a new method of using this commercially-available malware platform to launch fresh and severe attacks against organisations in various countries in the world.

Some of the affected organisations are in the following countries: Hong Kong, Mexico, Russia and the United Arab Emirates.

‘This new wave of attacks affects organisations in various countries,’ the researchers state.

It is further reported that attackers are using this new form of attack to send messages to organisations that work in particular industries.

It is not clear yet why the hackers appear to target organisations in particular industries only.

However, the Kaspersky Lab researchers have pointed out that the attackers first send an innocent-looking email to their target organisation.

The fake email usually purports to have originated from HSBC, a leading global consultancy firm.

The email contains what appear to be genuine, important details about the interaction between the organisation and HSBC. Also included in the fake emails are attachments that the hackers say contain detailed financial information on the relationship between their target organisation and HSBC.

However, it has been reported that once individuals in the targeted organisation open the fake emails and download the attachment, a malware program automatically embeds itself on the device that is being used.

The malware program then self-executes and begins to communicate with a remote server that the hackers use.

‘Once the malware has been fully embedded in a device, the attackers are able to communicate with the malware and extract all the information that they consider important from the device,’ the Kaspersky researchers further point out.

So far, 20% of these new Adwind-based attacks have affected organisations in the retail and accounting sectors in various countries in the world, according to Kaspersky Lab.

It has also been pointed out that a small percentage of the attacks have targeted organisations in other industries such as shipping, insurance and legal services.